In the Claims:

Please replace all previous claim listings with the following claim listing: 

1. (Currently Amended) A method for selectively allowing a user of a multi-user system
access to a plurality of resources in a network, the method comprising:

receiving a request originated from the a user of a multi-user system to transmit a
message via the multi-user system over the network to one of the plurality of resources, wherein
each of the plurality of resources has been assigned to one of a plurality of security zones based
on a level of security sensitivity of the resource;

identifying, from a one of the plurality of security zones that is, a security zone associated
with the one of the plurality of resources;

determining if the user of the multi-user system is authorized access to the identified one
of the plurality of security zones security zone; and

forwarding the message from the multi-user system over the network to the one of the
plurality of resources only if it is determined that the user is authorized access to the identified
one of the plurality of security zones, security zone.

2. (Currently Amended) The method of Claim 1, wherein the multi-user system 
comprises a mainframe computer, and wherein the request is originated on a workstation of the 
mainframe computer, further comprising the step of associating a security zone with each of the
plurality of resources.

3. (Currently Amended) The method of Claim 2, wherein the mainframe computer 
receives the request originated from the user, identifies the one of the plurality of security zones 
associated with the one of the plurality of resources, and determines if the user is authorized 
access to the one of the plurality of resources, further comprising the step of specifying the
security zones to which users of the multi-user system are authorized access.
4. (Currently Amended) The method of Claim [[+]] 3, wherein the step of identifying the
one of the plurality of security zones security zone associated with the one of the plurality of
resources comprises accessing a data structure that specifies the security zone associated with 
each resource in the plurality of resources. 

5. (Currently Amended) The method of Claim 4, wherein at least one entry in the data 
structure specifies the security zone associated with a group of the resources in the plurality of 
resources, and wherein identifying the one of the plurality of security zones security zone
associated with the one of the plurality of resources comprises identifying the security zone 
associated with the most specific entry in the data structure that includes the resource. 

6. (Original) The method of Claim 1, wherein the identifying and determining steps are 
performed within the multi-user system. 

7. (Currently Amended) The method of Claim 1, wherein the message forwarded over 
the network includes a first user identification associated with the multi-user system but does not 
include a second user identification associated with the user of the multi-user system, the step of
determining if the user is authorized access to the identified comprises querying a security
manager of the multi-user system to determine if the user is authorized access to the security
zone associated with the one of the plurality of resources.

8. (Currently Amended) The method of Claim [T71] K wherein the identifying and 
determining steps are performed request to transmit a message is denied if it is determined that
the user is not authorized access to the security zone associated with the one of the plurality of
resources before any data packets associated with the message are forwarded over the network.

9. (Original) The method of Claim 1, wherein the network is an internet protocol 
network. 
10-13. (Cancelled)

14. (Currently Amended) A system for selectively allowing a user of a multi-user system
access to a plurality of resources in a network, comprising:

means for receiving a request originated from the a user of a multi-user system to transmit
a message via the multi-user system over the network to one of the plurality of resources,
wherein each of the plurality of resources has been assigned to one of a plurality of security
zones based on a level of security sensitivity of the resource;

means for identifying, from a one of the plurality of security zones that is, a security zone
associated with the one of the plurality of resources;

means for determining if the user of the multi-user system is authorized access to the
identified one of the plurality of security zones security zone; and

means for forwarding the message from the multi-user system over the network to the one
of the plurality of resources only if it is determined that the user is authorized access to the
identified one of the plurality of security zones, security zone.

15. (Original) The system of Claim 14, further comprising means for associating a 
security zone with each of the plurality of resources. 

16. (Currently Amended) The system of Claim 15, further comprising means for 
specifying in advance of receiving the request the security zones to which users of the multi-user 
system are authorized access. 

17. (Currently Amended) The system of Claim 14, wherein the means for identifying the 
one of the plurality of security zones security zone associated with the one of the plurality of
resources comprise means for accessing a data structure that specifies the security zone 
associated with each resource in the plurality of resources. 
18. (Currently Amended) The system of Claim 17, wherein at least one entry in the data
structure specifies the security zone associated with a group of the resources in the plurality of
resources, and wherein the means for identifying the one of the plurality of security zones
security zone associated with the one of the plurality of resources comprises means for
identifying the security zone associated with the most specific entry in the data structure that 
includes the resource. 

19. (Currently Amended) A computer program product for selectively allowing a user of
a multi-user system access to a plurality of resources in a network, comprising:

a computer-readable storage medium having computer-readable program code embodied
in said medium, said computer-readable program code comprising:

computer program product means for receiving a request originated from the a user of a
multi-user system to transmit a message via the multi-user system over the network to one of the
plurality of resources, wherein each of the plurality of resources has been assigned to one of a
plurality of security zones based on a level of security sensitivity of the resource;

computer program product means for identifying, from a one of the plurality of security
zones that is, a security zone associated with the one of the plurality of resources;

computer program product means for determining if the user of the multi-user system is
authorized access to the identified one of the plurality of security zones security zone; and

computer program product means for forwarding the message from the multi-user system
over the network to the one of the plurality of resources only if it is determined that the user is
authorized access to the identified one of the plurality of security zones, security zone.

20. (Original) The computer program product of Claim 19, further comprising computer 
program product means for associating a security zone with each of the plurality of resources. 

21. (Currently Amended) The computer program product of Claim 20, further
comprising computer program product means for specifying in advance of receiving the request
the security zones to which users of the multi-user system are authorized access. 

22. (Currently Amended) The computer program product of Claim 19, wherein the 
computer program product means for identifying the one of the plurality of security zones 
security zone associated with the one of the plurality of resources comprise computer program
product means for accessing a data structure that specifies the security zone associated with each 
resource in the plurality of resources. 

23. (Currently Amended) The computer program product of Claim 22, wherein at least 
one entry in the data structure specifies the security zone associated with a group of the resources 
in the plurality of resources, and wherein the computer program product means for identifying 
the one of the plurality of security zones security zone associated with the one of the plurality of
resources comprises computer program product means for identifying the security zone 
associated with the most specific entry in the data structure that includes the resource. 

24. (Original) A method for selectively allowing a user of a multi-user system access to 
a plurality of resources in a network, the method comprising: 

receiving a message over the network from one of the plurality of resources that is 
addressed to a process running on the multi-user system that is associated with the user; 

identifying, from a plurality of security zones, a security zone associated with the one of 
the plurality of resources; 

determining if the user is authorized access to the identified security zone; and 

forwarding the message to the process only if it is determined that the user is authorized 
access to the identified security zone. 

In re: Bruton et al.
Serial No. 09/773,811
Filed: January 31, 2001
Page 7

25. (New) A data processing system for selectively allowing access to a plurality of
resources in a network, comprising:

a data processing device, the data processing device connected to a first network that 
includes a plurality of networked resources; 

a plurality of workstations that are configured to execute applications on the data 
processing device; 

a first data structure that specifies at least one security zone from a plurality of security 
zones that is associated with each of the plurality of networked resources, wherein each of the 
plurality of security zones represents a distinct level of security sensitivity; and 

a second data structure that specifies the respective security zones to which a plurality 
users of the data processing device may have access. 

26. (New) The data processing system of Claim 25, wherein the first data structure 
comprises a mapping table that identifies the respective one of the plurality of security zones 
associated with each of the plurality of networked resources, wherein at least some of the entries 
in the mapping table are associated with multiple of the plurality of networked resources. 

27. (New) The data processing system of Claim 26, wherein entries in the mapping table 
include wildcard characters to specify multiple of the plurality of networked resources with a 
single entry in the mapping table. 

28. (New) The method of Claim 24, wherein the multi-user system identifies the security 
zone associated with the one of the plurality of resources and determines if the user is authorized 
access to the identified security zone. 
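
Added illustration, not part of the filing and not the applicants' implementation: a sketch of the two data structures recited in Claims 25-27 and the most-specific-entry lookup of Claims 5, 18 and 23, with the decision made before anything is forwarded. The resource names, zone names, users, the specificity ordering and the `transmit` hook are all assumptions made for this example.

```python
from fnmatch import fnmatchcase

# First data structure (constructed sample): resource pattern -> security zone.
ZONE_TABLE = {
    "*": "public",
    "*.corp.example": "internal",
    "hr-*.corp.example": "restricted",
    "hr-payroll.corp.example": "secret",
}

# Second data structure (constructed sample): user -> zones the user may reach.
USER_ZONES = {
    "alice": {"public", "internal", "restricted"},
    "bob": {"public"},
}


def specificity(pattern):
    """Assumed ordering: more literal characters wins, then fewer wildcards."""
    wildcards = sum(pattern.count(c) for c in "*?")
    return (len(pattern) - wildcards, -wildcards)


def zone_for(resource, table=ZONE_TABLE):
    """Return the zone of the most specific entry that includes the resource."""
    matches = [p for p in table if fnmatchcase(resource.lower(), p)]
    if not matches:
        return None  # no entry covers the resource
    return table[max(matches, key=specificity)]


def may_forward(user, resource, table=ZONE_TABLE, grants=USER_ZONES):
    """Decide before any packet leaves the multi-user system; fail closed."""
    zone = zone_for(resource, table)
    if zone is None:
        return False, None
    return zone in grants.get(user, set()), zone


def send(user, resource, message, transmit):
    """Forward only on an allow decision; `transmit` is a hypothetical hook."""
    allowed, _zone = may_forward(user, resource)
    if allowed:
        transmit(resource, message)
    return allowed
```

A resource with no matching entry and a user with no grants are both denied, so a gap in either table never results in a forwarded message.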



